Shibb for Global Protect VPN?

Andrew Jason Morgan morgan at oregonstate.edu
Thu Jan 21 20:06:17 UTC 2021


We recently deployed Cisco's VPN using SAML authentication, and it uses an embedded browser that doesn't share cookies.  Still, it is really nice to use our standard campus login page (with Duo) instead of some custom auth solution!

Andy

________________________________
From: users <users-bounces at shibboleth.net> on behalf of Cantor, Scott <cantor.2 at osu.edu>
Sent: Thursday, January 21, 2021 11:51 AM
To: Shib Users <Users at shibboleth.net>
Subject: Re: Shibb for Global Protect VPN?

[This email originated from outside of OSU. Use caution with links and attachments.]

On 1/21/21, 2:42 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:

>    UAlaska has deployed VPN access using Global Protect. If I understand correctly, VPNs are (or can be) initiated in a web
> portal. If so, seems one could protect that web page with Shibb and thus have a valid SSO session immediately upon
> establishment of VPN connection (at least if IP address consistency is not enforced).

As far as I know, virtually never. Those are usually based on embedded browsers that aren't going to share cookie state with any browser somebody is using.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210121/38a5e431/attachment.htm>


More information about the users mailing list